Adding New Networks to Cisco AnyConnect VPNs
Sep17

Adding New Networks to Cisco AnyConnect VPNs

Posted By on Sep 17, 2019

KB ID 0001593 Problem Note: To add new subnets to a traditional Site to Site VPN, see the following article instead; Cisco ASA – Adding New Networks to Existing VPNs I see this get asked in online forums A LOT. If you have an existing AnyConnect VPN setup, and then need to add another network how do you do it? Well that depends on where the new network is, and how it’s entering the firewall, these diagrams can be either way...

Read More
Cisco ASA: NAT 2 Public IPs to 1 Private IP
Aug20

Cisco ASA: NAT 2 Public IPs to 1 Private IP

Posted By on Aug 20, 2019

KB ID 0001582 Problem I got asked today if this could be done. My first response was ‘why?’ I cant really think of a use case for this. But a client had this on their previous firewall and were migrating to a virtual ASA, and wanted the config replicating. So I built something like this; Solution To be fair, my first thought was ‘why not simply add an additional internal IP to the web server, and NAT the second...

Read More
Cisco SFR Cant Ping its Default Gateway?
Jul25

Cisco SFR Cant Ping its Default Gateway?

Posted By on Jul 25, 2019

KB ID 0001575 Problem This is a strange one? I was deploying FirePOWER to a pair of ASA 5550-8-X firewalls in Active / Standby failover last week. After each SFR was updated (via ASDM.) I could no longer ‘ping it’, the SFR itself could ping everything on the same VLAN, APART from its own default gateway, (which was an SVI on the Cisco 3750 switch it was connected to). This happened every time I updated the SFR, (or...

Read More
Windows 10: Cisco ASDM ‘This app can’t run on your PC’
Jul19

Windows 10: Cisco ASDM ‘This app can’t run on your PC’

Posted By on Jul 19, 2019

KB ID 0001574 Problem Whys isn’t Java dead yet? 🙁 Anyway, I tried to connect to a clients ASDM today, and from my Windows 10 machine, I got the following error; This app can’t run on your PC To find a version for your PC, check with the software publisher. Solution If you are launching straight for the desktop open the properties of the ASDM shortcut, and look at the ‘Target’ value. Change it to;...

Read More
Cisco IOS: Ether-Channel Trunks
Apr08

Cisco IOS: Ether-Channel Trunks

Posted By on Apr 8, 2019

KB ID 0001533 Problem This is a subject that every time I need to create an Ether-Channel I end up checking beforehand, so it’s about time I wrote it up. We are combining two different things, an Ether-channel, (an aggregation of links) and a Trunk (the ability to carry many VLANS). If you are NOT from a Cisco background then you might want to read though the following post first to avoid confusion about the world...

Read More
Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”
Mar27

Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”

Posted By on Mar 27, 2019

KB ID 0001531 Problem While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish; NUFC-ASA5516x(config-tunnel-ipsec)# show crypto isa IKEv1 SAs: Active SA: 6 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 6 1 IKE Peer: 1.1.1.1 Type :...

Read More